authorAlyssa Ross <hi@alyssa.is>2019-11-24 20:10:38 +0000
committerAlyssa Ross <hi@alyssa.is>2019-12-03 15:16:30 +0000
commit5f9876b29e6fd4e8ae9f0105a5386e932bedf3b6 (patch)
tree86178e84e3333b2f76af61740c5b90cfb961193b /pkgs/os-specific/linux/chromium-os/crosvm
parent51fe75bdd32fa50b5e1b043957b71faf9260592f (diff)
sommelier: init at 78.12499.0.0-rc1
sommelier has a lot of dependencies on other Chromium OS packages.  To
manage this mess, I introduced chromiumOSPackages to hold them all,
since most of them won't be useful aside from building other
Chromium OS packages, and chromiumOSPackages.common-mk, which is a
wrapper around stdenv to handle interacting with Chromium OS's
idiosyncratic GN-based build system.

I adapted crosvm's updateScript to become the updateScript for all of
chromiumOSPackages, and pulled crosvm under chromiumOSPackages.  This
means that all Chromium OS packages use approximately the same
versions that are distributed as an upstream release.

There are still a couple of Chromium OS packages in Nixpkgs that
aren't part of this set.  Pulling those in is future work.
Diffstat (limited to 'pkgs/os-specific/linux/chromium-os/crosvm')
-rw-r--r--pkgs/os-specific/linux/chromium-os/crosvm/default-seccomp-policy-dir.diff15
-rw-r--r--pkgs/os-specific/linux/chromium-os/crosvm/default.nix74
2 files changed, 89 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/chromium-os/crosvm/default-seccomp-policy-dir.diff b/pkgs/os-specific/linux/chromium-os/crosvm/default-seccomp-policy-dir.diff
new file mode 100644
index 00000000000..f1aa50ee102
--- /dev/null
+++ b/pkgs/os-specific/linux/chromium-os/crosvm/default-seccomp-policy-dir.diff
@@ -0,0 +1,15 @@
+diff --git a/src/crosvm.rs b/src/crosvm.rs
+index b7055df..5989c87 100644
+--- a/src/crosvm.rs
++++ b/src/crosvm.rs
+@@ -141,7 +141,9 @@ impl Default for Config {
+             x_display: None,
+             shared_dirs: Vec::new(),
+             sandbox: !cfg!(feature = "default-no-sandbox"),
+-            seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR),
++            seccomp_policy_dir: PathBuf::from(
++                option_env!("DEFAULT_SECCOMP_POLICY_DIR").unwrap_or(SECCOMP_POLICY_DIR),
++            ),
+             seccomp_log_failures: false,
+             cras_audio: false,
+             cras_capture: false,
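Review bot: `option_env!` is expanded at compile time, so if `DEFAULT_SECCOMP_POLICY_DIR` is missing from the build environment the `unwrap_or` quietly bakes in `SECCOMP_POLICY_DIR` again and the package still builds without error. Because `sandbox` defaults to on in this same `Default` impl, a wrong policy directory would probably be noticed only at run time, when a sandboxed device cannot load its policy. The patch file also has no header: I would add a few lines above its `diff --git` line stating that the variable is exported by `preBuild` in default.nix, that it is read at build time and not at run time, and whether the change is intended to go upstream. The `impl Default for Config` body starts and ends outside the hunk.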
diff --git a/pkgs/os-specific/linux/chromium-os/crosvm/default.nix b/pkgs/os-specific/linux/chromium-os/crosvm/default.nix
new file mode 100644
index 00000000000..648fef71616
--- /dev/null
+++ b/pkgs/os-specific/linux/chromium-os/crosvm/default.nix
@@ -0,0 +1,74 @@
+{ stdenv, rustPlatform, fetchFromGitiles, upstreamInfo
+, pkgconfig, minijail, dtc, libusb1, libcap
+}:
+
+let
+  arch = with stdenv.hostPlatform;
+    if isAarch64 then "arm"
+    else if isx86_64 then "x86_64"
+    else throw "no seccomp policy files available for host platform";
+
+  crosvmSrc = fetchFromGitiles
+    upstreamInfo.components."chromiumos/platform/crosvm";
+
+  adhdSrc = fetchFromGitiles
+    upstreamInfo.components."chromiumos/third_party/adhd";
+in
+
+  rustPlatform.buildRustPackage rec {
+    pname = "crosvm";
+    inherit (upstreamInfo) version;
+
+    unpackPhase = ''
+      runHook preUnpack
+
+      mkdir -p chromiumos/platform chromiumos/third_party
+
+      pushd chromiumos/platform
+      unpackFile ${crosvmSrc}
+      popd
+
+      pushd chromiumos/third_party
+      unpackFile ${adhdSrc}
+      popd
+
+      chmod -R u+w -- "$sourceRoot"
+
+      runHook postUnpack
+    '';
+
+    sourceRoot = "chromiumos/platform/crosvm";
+
+    patches = [
+      ./default-seccomp-policy-dir.diff
+    ];
+
+    cargoSha256 = "1b5i9gwrw55p89f7vwjy801q26hwyn8hd64w6qp66fl9fr7vgvbi";
+
+    nativeBuildInputs = [ pkgconfig ];
+
+    buildInputs = [ dtc libcap libusb1 minijail ];
+
+    postPatch = ''
+      sed -i "s|/usr/share/policy/crosvm/|$out/share/policy/|g" \
+             seccomp/*/*.policy
+    '';
+
+    preBuild = ''
+      export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy
+    '';
+
+    postInstall = ''
+      mkdir -p $out/share/policy/
+      cp seccomp/${arch}/* $out/share/policy/
+    '';
+
+    passthru.updateScript = ./update.py;
+
+    meta = with stdenv.lib; {
+      description = "A secure virtual machine monitor for KVM";
+      homepage = "https://chromium.googlesource.com/chromiumos/platform/crosvm/";
+      license = licenses.bsd3;
+      platforms = [ "aarch64-linux" "x86_64-linux" ];
+    };
+  }
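Review bot: The `arch` binding sends `isAarch64` hosts to `"arm"`, so `postInstall` installs `seccomp/arm/*` as the policy set on aarch64-linux. Seccomp allow-lists are specific to a syscall ABI, so please confirm against the crosvm tree at this version that `seccomp/arm` is the directory upstream intends for 64-bit ARM hosts; a mismatch would most likely show up only at run time, when a sandboxed device fails to load or trips its policy. I would record the answer beside the mapping, for example `# directory upstream uses for aarch64 policies; re-check on each version bump`. Separately, the `sed` in `postPatch` succeeds even when no policy file contains `/usr/share/policy/crosvm/`, so an upstream path change would leave stale include paths unnoticed. A `grep -q` for the old prefix over `seccomp/*/*.policy` before the rewrite would turn that into a build failure.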